skip singing apks which ar not validating with signatures from metadata

2025-10-06 01:11:07 +03:00 · 2017-06-13 18:12:45 +02:00 · 2017-06-13 18:12:45 +02:00 · b993d93395
commit b993d93395
parent 04daa7a03a
1 changed files with 55 additions and 52 deletions
--- a/fdroidserver/publish.py
+++ b/fdroidserver/publish.py
@ -171,6 +171,7 @@ def main():
        else:

            # It's a 'normal' app, i.e. we sign and publish it...
+            skipsigning = False

            # First we handle signatures for this app from local metadata
            signingfiles = common.metadata_find_developer_signing_files(appid, vercode)
@ -194,6 +195,7 @@ def main():
                else:
                    os.remove(devsignedtmp)
                    logging.error('...verification failed - skipping: %s', devsigned)
+                    skipsigning = True

            # Now we sign with the F-Droid key.

@ -203,6 +205,7 @@ def main():
            # If a collision does occur later, we're going to have to
            # come up with a new alogrithm, AND rename all existing keys
            # in the keystore!
+            if not skipsigning:
                if appid in config['keyaliases']:
                    # For this particular app, the key alias is overridden...
                    keyalias = config['keyaliases'][appid]